MX change not propagating

L

ld13

Honorary Master
Joined
Oct 28, 2005
Messages
13,922
Reaction score
2,473
Location
Stellenbosch
I have never had this issue before...

I changed the MX on an Afrihost domain last year to point to google:

1767808102248.png

But it seems like there are servers in the wild that still have the old afrihost MX in their cache? Specifically 10:mx1600899.spe.ucebox.co.za

1767808387270.png

Any thoughts anyone, or @Afrigirl ?
 
Last edited:
Query each of your NSs directly to make sure they all got the zone update
 
Sinbad said:
Query each of your NSs directly to make sure they all got the zone update
Click to expand...

Busy moving the domain to @Jade @ Absolute Hosting , but the domain transfer failed due to the contact email being incorrect at Afrihost. That has been fixed, but the domain is still with Afrihost. So the Authoritative DNS is
1767808759320.png

CMD reports the following:

1767809098318.png
 
Try manually querying the soa and ns (and mx) for your domain from those servers reporting wrong?
 
Is it just the one server that has the incorrect record?

If your NS have the correct records then it's all good. There could be issues with the downstream DNS servers. As long as it's been replicated to the big ones you know it's working (1.1.1.1, 8.8.8.8, 9.9.9.9, 208.67.222.222)
 
Sinbad said:
Try manually querying the soa and ns (and mx) for your domain from those servers reporting wrong?
Click to expand...

CMD against the 4 authoritative DNS servers gives the same SOA, NS and MX.
primary name server = ns.dns1.co.za
responsible mail addr = support.afrihost.com
serial = 2025122301
refresh = 28800 (8 hours)
retry = 3600 (1 hour)
expire = 2419200 (28 days)
default TTL = 1800 (30 mins)

gregmcc said:
Is it just the one server that has the incorrect record?

If your NS have the correct records then it's all good. There could be issues with the downstream DNS servers. As long as it's been replicated to the big ones you know it's working (1.1.1.1, 8.8.8.8, 9.9.9.9, 208.67.222.222)
Click to expand...

Same, with 8.8.8.8 being the outlier, with the SOA serial being a mismatch
Server: dns.google
Address: 8.8.8.8

Non-authoritative answer:
primary name server = ns.dns1.co.za
responsible mail addr = support.afrihost.com
serial = 2025120801
refresh = 28800 (8 hours)
retry = 3600 (1 hour)
expire = 2419200 (28 days)
default TTL = 1800 (30 mins)
 
Last edited:
I meant against the servers showing the wrong result, but the 8.8.8.8 result is what I was looking for.

Super weird.
 
Sinbad said:
I meant against the servers showing the wrong result, but the 8.8.8.8 result is what I was looking for.

Super weird.
Click to expand...

whatsmydns does not show you the IP of the server reporting the DNS result, but I see the one is showing liquid - will search for their DNS and try and query it directly
 
Quad9 also fine from my network...
 
This is a weird one. 8.8.8.8 in my location (UK) has the wrong record. Have you tried making a update to it and seeing if it triggers a refresh.



Update: It's just fixed itself on 8.8.8.8?!

Update 2: And it's broken again.
2 queries within 5 seconds giving different results.
 
Last edited:
What does dig with +trace show? (censor the domain)
 
Sinbad said:
What does dig with +trace show? (censor the domain)
Click to expand...

Took me way too long to get dig to dig on this windows pc, but yea,


Code: 
; <<>> DiG 9.17.12 <<>> removed.co.za MX +trace

;; global options: +cmd

.                       87203   IN      NS      k.root-servers.net.

.                       87203   IN      NS      e.root-servers.net.

.                       87203   IN      NS      m.root-servers.net.

.                       87203   IN      NS      c.root-servers.net.

.                       87203   IN      NS      g.root-servers.net.

.                       87203   IN      NS      h.root-servers.net.

.                       87203   IN      NS      j.root-servers.net.

.                       87203   IN      NS      i.root-servers.net.

.                       87203   IN      NS      l.root-servers.net.

.                       87203   IN      NS      f.root-servers.net.

.                       87203   IN      NS      b.root-servers.net.

.                       87203   IN      NS      d.root-servers.net.

.                       87203   IN      NS      a.root-servers.net.

.                       87203   IN      RRSIG   NS 8 0 518400 20260120170000 20260107160000 21831 . c4dSJHT3RJvrnxBGCiTUr6qEp9u3wikK+jXJIa83BC7xVBd+pEenGtlO XtKipl6wtTNfJnomE/7Va2Eb5UDJgxBMaHfcUqizV7hi6VP7U4Fxwuuv KPmQR7ddqVOVJtjqKZEZJw9YWVz5tJpGu6+S5cCNwQq88KYXBW9Je8b9 HrAO2YeI8Y7aEiKMWJQpgo3TG0r1u7i0K4X9ks2SvYvywVDmMoa2jGqR henzSPhlj1Q2DlNmTII1mSxQ4qo0/t5G5U4YfvTtE97RFOPMf3OY8EFr oNtmNsa7Ua2WCOXjD7lIN14CY/T4qhMPAur/NJhXwj4W6q0dJHh5unt3 yAx+8g==

;; Received 525 bytes from 8.8.8.8#53(8.8.8.8) in 36 ms



za.                     172800  IN      NS      za1.dnsnode.net.

za.                     172800  IN      NS      nsza.is.co.za.

za.                     172800  IN      NS      za-ns.anycast.pch.net.

za.                     86400   IN      DS      45749 8 2 3E2B0B7E6063CA11400FA4B54D8A530888234CD0EB3B5FBF820C0750 784DA84E

za.                     86400   IN      RRSIG   DS 8 1 86400 20260120170000 20260107160000 21831 . Lm7dUqgTCAHsD+9oadUG/JVIZneM1T3pWYtqUzPdHzWIgODQ5k9/SJqP gGtMURgv7E/gQodMgalM59tGp+UtrvUePSPTsR5iJ4fMRJqgm5djodNZ q/tvTH4Yb1DQIp+2tTbplqVLHalBubvzQH4G6thhR1tbryBcx7rqFdqA DRpi5esw5mzsVZU1abyEfEZHBFOyAlNrDzJsiDTUFkIxIe0CBD0HXzLR t5kBh3APy04qk1nry6m3hVcAGz9wgOMA1S+umkT/YZo05ehiI25QyROp Kd96JCuGqdwvjagN3DuoK9mw7EpZorsNIQKzKC2uPO9RIYoXiuJj6j6a t6r/sg==

;; Received 564 bytes from 199.7.91.13#53(d.root-servers.net) in 24 ms



removed.co.za.          10800   IN      NS      ns.dns1.co.za.

removed.co.za.          10800   IN      NS      ns.dns2.co.za.

removed.co.za.          10800   IN      NS      ns.otherdns.com.

removed.co.za.          10800   IN      NS      ns.otherdns.net.

j7pm24bg7r40ec5gioec8gc47u4ds78l.co.za. 900 IN NSEC3 1 1 0 - J8130ULCBRT8JCL9S5S8JAF0QEJV94RJ NS SOA MX TXT RRSIG DNSKEY NSEC3PARAM

j7pm24bg7r40ec5gioec8gc47u4ds78l.co.za. 900 IN RRSIG NSEC3 8 3 900 20260121190400 20260107173400 46131 co.za. AUCzNVWPNRxPs4UDXZKPZJ4qav939Nz5Vml+CRjWZH6LO+kVXn6EMWn4 /IJShcuoSYw1QRFxelsOVGHIGDSrsCV6TLcZ77+x5hoxyjdjkIchpxdw SKwjmvZe4HNMbthBMobYENEVWZYWYpER7NaLrMY3agA7Qcj/8dfa3NQa duk=

o3llc0afcu97injogo4nu1sibp1bth8h.co.za. 900 IN NSEC3 1 1 0 - O440PRIH7GNUKASQI3S6I0CJPN751Q3S NS DS RRSIG

o3llc0afcu97injogo4nu1sibp1bth8h.co.za. 900 IN RRSIG NSEC3 8 3 900 20260121190400 20260107173400 46131 co.za. b8L4m3nUQbpk+va3nekVu4TNWtWvtwXWmgu6UaBIl/AWhXfFktLxX6y2 rvEWB9IAZBiREV/tegjbsNpmxJpn/REn+jHAEMvfgaTwylzU1em3LkpO v4q2rVkT72Tqt1gYllMNHP+dyZ809l6XyK/6LmyGvllAuB76jTyYVhw8 ooI=

;; Received 759 bytes from 194.146.106.78#53(za1.dnsnode.net) in 21 ms



removed.co.za.          1000    IN      MX      9 SMTP.GOOGLE.COM.

;; Received 73 bytes from 154.0.6.120#53(ns.otherdns.net) in 27 ms
 
Probably one for Afrihost. I think there is some conflicting issue with the authoritive nameserver server as that's the only think i can think of why some servers have the old value.

BTW If you are going to be sending bulk mail via 365/Yahoo/Gmail you will want to create a DMARC record.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X